somewhat. Now the dynamic initialisation of the value_string is contained
in the value_string_from_subdissectors() function instead of being
distributed amongst the dcerpc dissectors.
svn path=/trunk/; revision=8123
- skip dissection of value if value length is zero
- add placeholder for REG_MULTI_SZ value proto item
- rename local variable start to start_offset for consistency
svn path=/trunk/; revision=8019
list rather than duplicating this information in the dissector. Some
of the opnum strings were starting to get out of date as developers
forgot to update the information in both places.
svn path=/trunk/; revision=7936
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
Also, it turns out that there are three types of specific access permissions
for printing - printer, print server and job specific bits.
svn path=/trunk/; revision=7669
instead of passing them around as separate parameters. This is a
prelude to adding generic and standard mapping to the access mask
dissection.
svn path=/trunk/; revision=7591
Cleaned up some all caps proto items to more friendly looking text.
Append number of notifies within a notify option structure to the proto_item.
svn path=/trunk/; revision=7195
give it a byte-order argument, and move it to "epan/tvbuff.c".
Use it to handle UCS-2 strings in version 1 of the Service Location
Protocol. In SRVLOC V1, use registered fields that are already there
for SRVLOC V2, and add some as needed. Fix some field names.
svn path=/trunk/; revision=7186
Added name parameter and add_subtree boolean to dissect_SYSTEM_TIME()
Decorate COL_INFO with changeid and notify information for print
notify RPCs.
svn path=/trunk/; revision=7121
Hooray - I think that's the last of the spoolss specific string routines
cleaned up.
Cleanup of print notify dissections:
- rename hf variable names
- added 'job total bytes' and 'job bytes printed' filter fields
- fixed bug dissecting job notify data introduced when converting to NDR
routines
- add hidden values for notify data so that filtering on (say) printer
name brings up notify data that references it
- decorate some higher level print notify proto_items to make things look
pretty
Add printer name to ReplyOpenPrinter policy handle name.
svn path=/trunk/; revision=7113
- display more data in COL_INFO
- replaced per-RPC level fields with generic spoolss.form.level one
- put the form type value string into the hf initialisation instead
of displaying it by hand using proto_tree_add_text
- added hidden field for all forms RPCs (filter on spoolss.form to get
all form related RPCs)
- removed useless dissect_form_name() function
svn path=/trunk/; revision=7111
"dissect_ndr_char_cvstring()" and "dissect_ndr_wchar_cvstring()", to
indicate that they're for conformant varying strings.
Rename "dissect_ndr_character_array()" to "dissect_ndr_cvstring()", to
indicate that it's for conformant varying strings.
svn path=/trunk/; revision=7096
Rename "dissect_ndr_element_array()" to "dissect_ndr_character_array()",
move it out of "packet-dcerpc-nt.c" to "packet-dcerpc.c", and have it
use the standard DCE RPC array max count/offset/count fields rather than
their own private versions of those fields. Give it an option to create
a subtree, and an argument to specify the field to use for the actual
data buffer, and export it.
Move the routines for handling arrays of "char" and "wchar" as strings
out of "packet-dcerpc-nt.c" to "packet-dcerpc.c".
Add a routine to handle an array of "char" as an opaque blob of bytes.
Use "dissect_ndr_character_array()" to dissect character strings in MAPI
(the strings in question are ASCII, not Unicode), and use the routine to
handle an array of "char" as an opaque blob of bytes to dissect
encrypted data (again, it's bytes, not 16-bit quantities). Show them as
encrypted data, not unknown data.
Use "dissect_ndr_character_array()" to dissect a form name in
"dissect_form_name()" in the SPOOLSS dissector.
svn path=/trunk/; revision=7091
Dissection of security descriptors in SPOOLSS RPC calls now display
the correct meaning of the specific access mask bits.
svn path=/trunk/; revision=7087
Set item len for devicemode dissector.
Fixed dissection of relative strings so that the actual value of
the string is assigned to the hf item instead of the empty string.
Dissect JOB_INFO_2 structure.
svn path=/trunk/; revision=7078
Display something useful in COL_INFO when dissecting REG_BINARY
printerdata.
Display the value needed field in value subtree.
svn path=/trunk/; revision=7073
This fixes a bunch of neat stuff that was broken after the conversion
to the dissect_ndr_* functions like printer handle tracking by name
and many COL_INFO things.
svn path=/trunk/; revision=7018
Deleted all the old crufy ndr pointer dissection. Hooray!
Next on the hit list is some refactoring of the ndr string
routines...
svn path=/trunk/; revision=6899
routines except for the enumprinterdata values. Note the display of
strings inside the protocol tree is broken due to lack of a unicode
string frametype.
svn path=/trunk/; revision=6784
output for a USER_LEVEL_1 it looks like the info level and container
pointer are transposed. I'm not even sure this structure is a
container
svn path=/trunk/; revision=6783
we're using is relative to the beginning of that tvbuff, not relative to
the beginning of the containing tvbuff; that also lets us use -1 when in
"proto_tree_add_text()" calls when we mean "to the end of the buffer.
Fix the comment for one field.
svn path=/trunk/; revision=6781
"dissect_ndr_uint16s()"; "dissect_ndr_uint16s()" is always passed a null
pointer, "dissect_dcerpc_uint16s()" is only called by
"dissect_ndr_uint16s()", and the pointer returned through "pdata" is
*NOT* guaranteed to be aligned on a 16-bit boundary so we don't want to
tempt people to blithely dereference that pointer.
svn path=/trunk/; revision=6699
name of the field being dissected, and, if it's not null, use it instead
of "UINT16UNI". Pass the appropriate argument in some calls.
In "SpoolssOpenPrinterEx_q()", put in some #if 0'ed out code to note
what should be done with the printer name when we can get it.
svn path=/trunk/; revision=6670
arguments correctly. There's a string datatype, a devicemode
container with a possibly null devicemode, and a "user level"
structure, whatever that is.
svn path=/trunk/; revision=6659
while. Also convert to dissect_ndr_* functions instead of old-style
prs_* functions.
Converted devicemode dissection to ndr functions as well. There are
still a bunch of value_strings that can be written to decode some of
the constants here.
svn path=/trunk/; revision=6658
Tim Potter